I sent this note a couple of days ago, but for some reason it did not post so I'll try again.
I am doing some experimenting with regex expressions and matches and am having some difficulty getting two matches on one line. I have some questions that pertain to the following rule set.
:0 B
* ^Content-Type:.*
* $name=\".*\.(hta|com|pif|vbs|vbe|js|jse|exe|bat|cmd|vxd|scr|shm|dll|zip|SCR)\"
{
:0 fhwi
| formail -A"X-SMILE_Execute: Executable Code found and dumped"
:0:
/tmp/e.file.txt
}
The above works very well except that it filters *.com files that are web addresses that have multiple line entries in the form of:
Content-Type: text/plain; charset=us-ascii
"www.amazon.com"
Adding the quotes to the match stopped most of the errant matches but there are still some that are filtered wrong.
Because of this I would like to match only one line so that the above message would be bypassed. For instance I would like to match:
Content-Type: audio/x-wav; name="hdaqnll.exe"
With a statement like the following:
* ^Content-Type:.*$name=\".*\.(hta|com|pif|vbs|vbe|js|jse|exe|bat|cmd|vxd|scr|shm|dll|zip|SCR)\"
I have also tried moving the "$" to the end of the line as the below without success:
* ^Content-Type:.*name=\".*\.(hta|com|pif|vbs|vbe|js|jse|exe|bat|cmd|vxd|scr|shm|dll|zip|SCR)\"$
Would some of you comment on the use of "$" being used to denote matching from the end of line and how it is supposed to be used?
Thanks,
Greg Ennis
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
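
An added example, not part of the original post and not procmail code: a Python illustration of the single-line match the post asks for, where a name="..." value counts only when it sits on the Content-Type header line itself (folded continuation lines included). The function name flagged_names and the folded sample are assumptions made for this example; the extension list and the other two samples come from the post.

```python
import re

# Extensions copied from the recipe in the post; matched case-insensitively.
EXTENSIONS = "hta|com|pif|vbs|vbe|js|jse|exe|bat|cmd|vxd|scr|shm|dll|zip"

# name="..." whose quoted value ends in a listed extension.
# [^"\n]* keeps the match inside one quoted value on one line.
NAME_RE = re.compile(r'\bname="([^"\n]*\.(?:%s))"' % EXTENSIONS, re.IGNORECASE)
CTYPE_RE = re.compile(r"^Content-Type:", re.IGNORECASE)
# A header continuation line starts with a space or tab (header folding).
FOLD_RE = re.compile(r"\r?\n[ \t]+")

# The two samples quoted in the post.
SAMPLE_BENIGN = 'Content-Type: text/plain; charset=us-ascii\n"www.amazon.com"\n'
SAMPLE_EXE = 'Content-Type: audio/x-wav; name="hdaqnll.exe"\n'
# Constructed sample: the name parameter folded onto a continuation line.
SAMPLE_FOLDED = 'Content-Type: application/octet-stream;\n\tname="REPORT.SCR"\n'


def flagged_names(text):
    """Return attachment names with a listed extension, taken only from
    Content-Type header lines (folded continuation lines included)."""
    unfolded = FOLD_RE.sub(" ", text)  # rejoin folded header lines
    names = []
    for line in unfolded.splitlines():
        # Text on any other line, such as a quoted URL in the body,
        # is never examined.
        if CTYPE_RE.match(line):
            names.extend(NAME_RE.findall(line))
    return names


if __name__ == "__main__":
    for label, sample in (("benign", SAMPLE_BENIGN),
                          ("exe", SAMPLE_EXE),
                          ("folded", SAMPLE_FOLDED)):
        print(label, flagged_names(sample))
```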